nologin for users

--- Gregory Davis <gdavis7 at umbc.edu> wrote:
> Login has documentation on how to stop all users but root from logging into
> a system. Otherwise, all users may login. This poses a threat, I think,
> for users like "nobody" that aren't really users, but rather are dummy
> users. Assuming I set a password for that account, passwords can still be
> cracked, and that would lead to a security defect. I have seen on other
> non-LFS systems a passwd file that lists the login shell of such dummy
> users as /sbin/nologin or /sbin/false. What is the theory behind those,
> and are they simply nonshell programs? For instance, can I just write a
> program in my favorite language (C/C++) that prints an error message and
> returns exit failure to the OS, and use that as the /sbin/nologin shell?
=====
-----BEGIN GEEK CODE BLOCK-----
Version 3.1
GCS/L/C/O d-(+) s++:+ a-- C+++$>++++ UBLS++++$
P+++(--)$ L++>+++ E--- W+>++$ N !o K? w(--) !O
M- !V PS+ PE(++) Y+ PGP->+ t- 5 X+() R(+) tv+@
b++(+++) !DI+++ D G(-) e>+++$ h---() r+++ y+++
------END GEEK CODE BLOCK------
__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com
--
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message